Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of Claims:

1. (Currently amended) A method for a decryptor to obtain a decryption key from a key release
agent comprising:

a decryptor obtaining an encryption block comprising a data ciphertext requiring a
decryption key to decrypt, the encryption block further comprising key related information 
associated with a first {public key, private key} pair, the encryption block further comprising a 
key ciphertext consisting of the decryption key encrypted by the first public key of the first 
{public key, private key} pair, the encryption block not including an ACD (access controlled 
decryption) block; 

the decryptor generating a key release request containing the key ciphertext, and
the key related information and outputting the key release request to the key release agent[[;]],
the key release request for use by the key release agent to locate decryptor authorization logic
stored externally to the key release request that is to be applied in determining whether or not to
release the decryption key;

in the event the decryption key is to be released the decryptor receiving a key
release response specifying the decryption key.

2. (Currently amended) A method according to claim 1 further comprising: 

the decryptor making decryptor information available to the key release agent, the
decryptor information for use by the key release agent in determining decryptor attributes,
decryptor attributes for further use in determining whether or not to release the decryption key.

3. (Original) A method according to claim 1 further comprising the decryptor using the 
decryption key to decrypt the data ciphertext. 

4. (Original) A method according to claim 1 wherein the decryptor making the decryptor
information available to the key release agent comprises including the decryptor information in
the key release request.

5. (Currently amended) A method according to claim [[1]] 2 wherein the decryptor making the 
decryptor information available to the key release agent comprises the decryptor providing the 
decryptor information to the key release agent while establishing a secure connection with the 
key release agent. 

6. (Currently amended) A method according to claim [[1]] 2 [[further comprising]] wherein the
decryptor making the decryptor information available to the key release agent [[by]] comprises
providing a decryptor identifier which may be used to look up decryptor attributes stored in
a repository external to the key release request.

7. (Original) A method according to claim 1 wherein the key related information comprises a 
key pair identifier. 

8. (Original) A method according to claim 1 further comprising: 

before generating the key release request, the decryptor determining if the private 
key of the first {public key, private key} pair is available at the decryptor; 

upon determining the private key of the first {public key, private key} pair is not 
available at the decryptor generating the key release request. 

9. (Original) A method according to claim 1 further comprising:

decrypting at least a portion of the key release response containing an encrypted
version of the decryption key using a private key of a second {public key, private key} pair to
recover the decryption key. 

10. (Currently amended) A method according to claim 1 wherein the encryption block comprises
a plurality of key related information associated with a respective plurality of first {public key,
private key} pairs, and a respective plurality of key ciphertexts each consisting of the decryption
key encrypted by the public key of a respective one of the plurality of first {public key, private
key} pairs associated with the plurality of key related information, the method
comprising: 

generating the key release request containing the plurality of key ciphertexts, and 
the associated plurality of key related information. 

11. (Original) A method according to claim 10 further comprising:

before generating the key release request, determining if at least one private key of
the plurality of first {public key, private key} pairs is available at the decryptor,

upon determining none of the private keys of the plurality of first {public key, 
private key} pairs is available at the decryptor generating the key release request. 

12. (Cancelled) 

13. (Currently amended) A key release method comprising: 

receiving a key ciphertext and key related information in respect of a key used to 
encrypt the key ciphertext from a decryptor; 

locating decryptor authorization logic stored externally to the decryptor with use
of the key related information;

obtaining decryptor information in respect of the decryptor;

deciding based on the decryptor information and the [[key related
information]] decryptor authorization logic whether decryption of the key ciphertext is to be
permitted.

14. (Original) A method according to claim 13 wherein the decryptor information is received
from the decryptor together with the key ciphertext and key related information.

15. (Original) A method according to claim 13 wherein obtaining decryptor information
comprises receiving the decryptor information while establishing a secure connection with the
decryptor.

16. (Original) A method according to claim 13 wherein obtaining decryptor information 
comprises: 

receiving from the decryptor a decryptor identifier; 

using the decryptor identifier to lookup decryptor attributes from a public 
repository, the decryptor identifier and decryptor attributes together constituting the decryptor 
information. 

17. (Original) A method according to claim 13 further comprising: 

using information in a certificate as the decryptor information. 

18. (Original) A method according to claim 17 further comprising: 

obtaining the certificate from a certificate repository. 

19. (Original) A method according to claim 17 further comprising receiving the certificate 
together with the key ciphertext and key related information. 

20. (Original) A method according to claim 13 wherein the decryptor information is an identity 
or role of the decryptor, an alias, or a claim of access rights or privilege, or some other attribute 
of the decryptor of a corresponding decrypting device or platform. 

21. (Original) A method according to claim 13 wherein the key related information comprises a 
key pair identifier. 

22. (Original) A method according to claim 13 further comprising:

decrypting the key ciphertext, re-encrypting the key using a public key of a
{public key, private key} pair to produce a re-encrypted key, the private key of which is available
to the decryptor, and sending the re-encrypted key to the decryptor.

23. (Original) A method according to claim 13 further comprising: 

decrypting the key ciphertext to obtain a decryption key,
sending the decryption key to the decryptor over a secure channel. 

24. (Original) A method according to claim 13 further comprising: 

decrypting the key ciphertext to obtain a decryption key; 

using a symmetric key available to the decryptor, encrypting the decryption key 
with the symmetric key to produce an encrypted decryption key, and sending the encrypted 
decryption key to the decryptor. 

25. (Currently amended) A method according to claim 13 further comprising: 

receiving a plurality of key ciphertexts and respective key related information 
from the decryptor and determining whether at least one private key required to decrypt a 
respective at least one key ciphertext of the plurality of key ciphertexts is available; 

using the respective key related information to locate respective decryptor
authorization logic stored externally to the decryptor; and

upon determining such at least one private key is available, deciding based on the
decryptor information and the respective decryptor authorization logic whether decryption of at
least one of the plurality of key ciphertexts is to be permitted.

26. (Original) A method to claim 25 further comprising: 

decrypting one of the key ciphertexts using a corresponding private key to recover 
a decryption key. 

27. (Currently amended) A method according to claim 25 wherein deciding based on decryptor
information of the decryptor and the [[key related information]] respective decryptor authorization
logic whether decryption of at least one of the key ciphertexts is to be permitted comprises
applying the respective decryptor authorization logic associated with each public key used to
encrypt the decryption key to the decryptor information to determine whether the decryptor
should be permitted access to the decryption key.

28. (Currently amended) A method according to claim 13 wherein deciding based on decryptor
information of the decryptor and the [[key related information]] decryptor authorization logic
whether decryption of the key ciphertext is to be permitted comprises applying at least one rule
^^ ^^■n^^tkmtodc associated with the public key used to encrypt the decryption
key to the decryptor information to determine whether the decryptor should be permitted access
to the decryption key.

29. (Currently amended) A method of controlling access to a decryption key comprising: 

receiving from a decryptor a key release request comprising decryptor information 
and the decryption key encrypted using a public key, 

locating decryption authorization logic stored externally to the key release request
with use of the public key;

applying the decryption authorization logic [[associated with the public key used to
encrypt the decryption key]] to the decryptor information to determine whether the decryptor
should be permitted access to the decryption key;

upon determining the decryptor should be permitted access to the decryption key,
sending a key release response specifying the decryption key.

30. (Currently amended) A method of controlling access to decryption keys comprising: 

maintaining a private key repository comprising a plurality of access identifiers,
and for each access identifier at least one key related information of a respective {public key, 
private key} pair, the repository also containing the private key of each {public key, private key} 
pair, 

[[maintaining a repository comprising for each access identifier a respective
decryptor authorization logic which can be applied to a decryptor]]

[[obtaining decryptor information;]]

receiving a key release request containing a decryption key encrypted using a
public key of a {public key, private key} pair and containing a key related information associated 
with the {public key, private key} pair, 

maintaining a repository TgjidjDg »^r»*"Y " keV ™ 11ftsT m>™&!&
access identifier with respective decryptor authorization logics that can be applied to a
decryptor information;

retaining decryptor information;

for each access identifier in association with which the key related information is
stored, applying the respective decryptor authorization logic to the decryptor information
specified in the key release request;

in the event the decryptor information satisfies at least one of the respective
decryptor authorization logics, decrypting the ciphertext to recover the decryption key, and
sending a key release response to the decryptor specifying the decryption key.

31. (Original) An administrative interface comprising: 

a private key repository maintenance function adapted to allow adding and 
deleting of a key related information and associated private key of a {public key, private key} 
pair; and 

a decryptor authorization logic definition function adapted to allow the definition
of decryptor authorization logic to be applied to decryptor information to determine eligibility to
decrypt, and for each decryptor authorization logic to select one or more of the key related
information in respect of which the rule is to be applied.

32. (Original) An administrative interface according to claim 31 wherein the private key
repository maintenance function is further adapted to store the key related information and 
associated private key of a {public key, private key} pair in association with one of a plurality of 
access identifiers; 

and wherein the decryptor authorization logic definition function is further
adapted to store each authorization logic in association with one of the plurality of access 
identifiers. 

33. (Currently amended) A decryptor comprising: 

means for obtaining an encryption block comprising a data ciphertext requiring a 
decryption key to decrypt, the encryption block further comprising key related information 
associated with a first {public key, private key} pair, the encryption block further comprising a
key ciphertext consisting of the decryption key encrypted by the first public key of the first
{public key, private key} pair, the encryption block not including an ACD (access controlled
decryption) block;

means for generating a key release request containing the key ciphertext, and the
key related information and outputting the key release request to the key release agent;

means for making decryptor information available to the key release
agent, the decryptor information for use by the key release agent to obtain decryptor authorization
logic stored externally to the key release request that is to be applied in determining whether or
not to release the decryption key.

means for receiving a key release response specifying the decryption key.



34. (Cancelled) 

35. (Currently amended) A decryptor according to claim 33 further comprising means for using 
the decryption key to decrypt the data ciphertext. 

36. (Original) A decryptor according to claim 33 adapted to make the decryptor information
available to the key release agent by including the decryptor information in the key release 
request. 

37. (Original) A decryptor according to claim 33 further comprising means for decrypting at 
least a portion of the key release response containing an encrypted version of the decryption key 
using a private key of a second {public key, private key} pair to recover the decryption key.

38. (Currently amended) A key release agent comprising:

means for receiving from a decryptor a key ciphertext and key related information
in respect of a key used to encrypt the key ciphertext;

means for locating decryptor authorization logic stored externally to the decryptor
with use of the key related information;

means for obtaining decryptor information in respect of the decryptor; and

means for deciding based on decryptor information of the decryptor and the [[key
related information]] decryptor authorization logic whether decryption of the key ciphertext is to be
permitted.

39. (Original) A key release agent according to claim 38 adapted to receive the decryptor
information together with the key ciphertext and key related information.

40. (Currently amended) A key release agent according to claim 38 adapted to use [[the]] a decryptor
identifier to lookup decryptor attributes from a repository, the decryptor identifier and decryptor 
attributes together constituting the decryptor information. 

41. (Currently amended) A key release agent according to claim 38 further comprising:

decrypting means for decrypting the key ciphertext;

encryption means for re-encrypting the key using a public key of a {public key,
private key} pair to produce a re-encrypted key, the private key of which is available to the
decryptor, 

means for sending the re-encrypted key to the decryptor. 

42. (Currently amended) A key release agent according to claim 38 further comprising: 

means for applying decryptor authorization logic associated with each public key
used to encrypt the decryption key to the decryptor information for determining whether the
decryptor should be permitted access to the decryption key.
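
The release decision recited in claims 13, 25 and 30, as an added illustration that is not part of the application: a key release agent looks up decryptor authorization logic by key related information and applies it to decryptor information, denying by default. All class names, key pair identifiers, roles and placeholder private keys are hypothetical, and the block covers the authorization decision only, not the cryptographic unwrapping of the key ciphertext.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

# Decryptor information: attributes such as identity or role (claim 20).
DecryptorInfo = Dict[str, str]
AuthLogic = Callable[[DecryptorInfo], bool]

@dataclass
class AccessEntry:
    """One access identifier in the agent's repository (claim 30)."""
    key_ids: Set[str]   # key related information (key pair identifiers)
    logic: AuthLogic    # authorization logic held by the agent, not in the request

class KeyReleaseAgent:
    def __init__(self, private_keys: Dict[str, bytes],
                 entries: Dict[str, AccessEntry]):
        self.private_keys = private_keys  # key pair identifier -> private key
        self.entries = entries            # access identifier -> entry

    def authorize(self, key_id: str, info: DecryptorInfo) -> Optional[str]:
        """Return the first access identifier whose logic admits the decryptor."""
        if key_id not in self.private_keys:
            return None                   # no private key held: nothing to release
        for access_id, entry in sorted(self.entries.items()):
            if key_id in entry.key_ids and entry.logic(info):
                return access_id
        return None                       # default deny

    def select(self, wrapped: List[Tuple[str, bytes]],
               info: DecryptorInfo) -> Optional[Tuple[str, str, bytes]]:
        """Claim 25: of several key ciphertexts, pick one the agent may release."""
        for key_id, key_ciphertext in wrapped:
            access_id = self.authorize(key_id, info)
            if access_id is not None:
                return key_id, access_id, key_ciphertext
        return None

def demo_agent() -> KeyReleaseAgent:
    # Constructed sample repository; every name and value here is hypothetical.
    return KeyReleaseAgent(
        private_keys={"kp-finance": b"<private key placeholder>",
                      "kp-legal": b"<private key placeholder>"},
        entries={
            "finance-staff": AccessEntry(
                {"kp-finance"}, lambda d: d.get("role") == "accountant"),
            "auditors": AccessEntry(
                {"kp-finance", "kp-legal"},
                lambda d: d.get("role") == "auditor" and d.get("device") == "managed"),
        })
```
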